If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Threaded View

WiFi is no longer secure enough to protect wireless data

WiFi is no longer secure enough to protect wireless data.

Global Secure Systems has said that a Russian's firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data.

David Hobson, managing director of GSS, claimed that companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with impunity. He also said that the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act.

He said: “This breakthrough in brute force decryption of WiFi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data. As a result, we now advise clients using WiFi in their offices to move on up to a VPN encryption system as well.

“Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest NVidia cards to speedup decryption on a standard PC is extremely worrying.

“The $64,000 question, of course, is what happens when hackers secure a pecuniary advantage by gaining access to company data flowing across a WPA or WPA2-encrypted wireless connection. Will the Information Commissioner take action against the company concerned for an effective breach of the Data Protection Act.”

ElcomSoft has released a new version its Distributed Password Recovery program for recovering system and document passwords at speeds of up to 1 billion passwords per second. Among the passwords the software can recover are system passwords such as NTLM (Windows logon passwords) and startup passwords, MD5 hashes, password-protected documents created by Microsoft Office 97-2007, PDF files created by Adobe Acrobat, as well as PGP, UNIX, and Oracle.

What’s interesting about the ElcomSoft approach is that the company is using multiple GPU-based video cards such as NVIDIA’s GeForce GTX280 in parallel to process hundreds of billions fixed-point calculations per second. This means, says ElcomSoft, that this release of the Distributed Password Recovery program can try around 5,000 passwords per second for Office 2007 documents with a single GeForce GTX260, while regular Core2Duo processors can only try up to 200 passwords per second.

ElcomSoft claims that all users have to do is insert into a PC video cards (like the GeForce GTX280) to take advantage of the capabilities. Unlike NVIDIA SLI mode (Scan Line Interleaving) that enables transparent use of multiple GPUs, ElcomSoft uses the computational power of several NVIDIA cards no matter if they are of the same kind. Currently supporting all GeForce 8 and GeForce 9 boards, the acceleration technology offloads parts of computational-heavy processing onto the fast and highly scalable processors featured in the NVIDIA’s graphic accelerators.

The acceleration technology developed by ElcomSoft allows the execution of mathematically intensive password recovery code on the massively parallel computational elements found in NVIDIA graphic accelerators. The GPU acceleration is unique to Elcomsoft Distributed Password Recovery, making password recovery up to 50 times faster compared to password recovery methods that only use the computer’s main CPU.

Interesting, even WPA and WPA2 are easily cracked, the questions are:

-Is it Bruteforce with word lists?
-How long does it actually take, or how many words/second if its wordlist? "1 billion passwords per second" Woot
-Is this method beeing explored as we speak?
-Anyone been working on the "Nvidia" crack new aproach ?